Tres Seaver wrote:
> Hash: SHA1
> Martin Aspeli wrote:
>> I've not done this yet:
>>>   3) Change the Permission class in AccessControl so that it tries to 
>>> look up an IPermission utility and use the title of that utility as the 
>>> permission name, falling back on the current behaviour of using the 
>>> passed permission name directly.
>> I'd like to solicit a bit more input before attempting this, as I got at 
>> least one -1.
>> I think this is the bigger win, though, and I'd still like to do it 
>> unless performance becomes prohibitive or it turns out to be too 
>> invasive a change.
> - -1:  I think both of those will be true.  I also don't see much win.
> The major goal should be to unify the API for add-ons, rather than the
> implementation:  your #1 and #2 alaready did that, I think.

I had a deeper look last night, and I think this would be more invasive 
than I'd feared. I thought originally the Permission class was used 
everywhere, but on further inspection, I see that manually constructed 
'_Permission' strings are used in a lot of places, including C code.

It frightens me slightly that, having pdb'd my way through AccessControl 
a number of times, I still have only a fuzzy idea about how the 
permissions system works, and I haven't found any solid documentation 
with the code.

I think to unify the API, we'd need to:

  - Promote the checkPermission method like Hanno suggested
  - Change rolemap.xml in GenericSetup to accept Zope 2 names
  - Look at other places where permission names are passed around in 
code (there are a few places in Plone, for instance) and make sure we 
always prefer the Zope 3 dotted name.


Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See

Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to